www-legal-discuss mailing list archives

From Henri Yandell <he...@yandell.org>
Subject Re: Podling CLA/Grant advice
Date Tue, 03 Oct 2017 18:38:21 GMT
So you want an SGA to cover Mu's personal contributions from before 2017,
in addition to the ICLA he has personally signed?

I'm sure he'd be okay signing that, but I'm struggling to understand why
that has any value.

Hen

On Tue, Oct 3, 2017 at 11:19 AM, Chris Mattmann <mattmann@apache.org> wrote:

> Haha, cool, Hen.
>
>
>
> If Amazon would be amenable having the original author who created the
> repo (is that an Amazon
> employee) submit an SGA would be useful in my mind. Let us know if that
> can be arranged.
>
>
>
> Yes repo & contribution analysis should be ongoing, but not a blocker on
> proceeding obviously since
> MXNet has already made a release (though I know there were some concerns
> with the release perhaps
> procedurally from what I’ve read on the threads).
>
>
>
> Feel free to use my numbers ☺
>
>
>
> Cheers,
>
> Chris
>
> *From: *<hyandell@gmail.com> on behalf of Henri Yandell <henri@yandell.org>
> *Reply-To: *"legal-discuss@apache.org" <legal-discuss@apache.org>
> *Date: *Tuesday, October 3, 2017 at 11:14 AM
>
> *To: *ASF Legal Discuss <legal-discuss@apache.org>
> *Subject: *Re: Podling CLA/Grant advice
>
>
>
> No, there's no SGA and no one to sign an SGA. Who would the SGA be with?
> Perhaps the original author who created the repository 2 years ago? He's
> already signed an ICLA.
>
> Note that getting all Amazon employees to sign ICLAs (for those who
> haven't) is an easy task and would have limited impact on the numbers here.
> Amazon contributions from non-ICLA signers would have started ~Jan 2017,
> and it's arguable that contributions then were well aware they were a part
> of Apache as the project was reporting itself as having moved to Apache in
> Jan 2017 (though the GitHub change didn't happen until July). Basically
> there's unlikely to be much here unless Amazon happened to hire a
> historical contributor.
>
> Opt-out would be one approach. Still lots of analysis to work out
> contribution triviality so I'd be tempted to simply contact everyone who
> has contributed pre-July, or pre-January.
>
> Having specific numbers of what is trivial, what is major would be useful
> (as always). Your numbers are higher than I would come up with, so I prefer
> yours obviously :)
>
>
>
> Hen
>
>
>
> On Tue, Oct 3, 2017 at 11:05 AM, Chris Mattmann <mattmann@apache.org>
> wrote:
>
> Hi Hen,
>
>
>
> While I understand the below, there is no need to make it more complicated
> than it has to be.
>
>
>
> For MXNet, I assume there was an SGA filed, no? There only needs to be 1:1
> on the project level,
> and contributors don’t need to separately submit an SGA. I would assume
> you wouldn’t have to
> email 380 people and that the initial SGA and whomever were specified on
> it in the attachment,
> is sufficient to begin.
>
>
>
> Then we look that we have ICLAs on file for all **major** and non 5-10
> lines of code, or 30+ lines
> of code, or some number N lines of code **contributors**, for commits and
> contributions going
> forward. For those before hand, if there were 380 contributors, I’m
> assuming not all of them
> were Amazon employees. However, perhaps within the 380, many were the 5-10
> lines of code
> variety, a fix here or there variety, etc etc. I know you can adopt an **opt
> out** rather than **opt in**
> there. That is, leave the code in there. We assume good faith and that the
> person will want it there.
> If they **don’t** want it there, and they make that known, we take it out
> (we only want code that
> wants to be here).
>
>
>
> Taking the above into account, I do not think it has to be harder than
> that. And the PMC is responsible
> for IP management in relation to the code, so this is something the PPMC
> needs to decide. Consider the
> above (and below else-thread) advice helping you all to come to your
> decisions ☺
>
>
>
> Cheers,
>
> Chris
>
> *From: *<hyandell@gmail.com> on behalf of Henri Yandell <henri@yandell.org>
> *Reply-To: *"legal-discuss@apache.org" <legal-discuss@apache.org>
> *Date: *Tuesday, October 3, 2017 at 1:37 AM
> *To: *ASF Legal Discuss <legal-discuss@apache.org>
> *Subject: *Re: Podling CLA/Grant advice
>
>
>
>
>
> Here be dragons :)
>
>
>
> In #1, there are two sets:
>
> 1a) The entity are the copyright holder for 100% of the work (ignoring
> clearly decoupled dependencies).
>
> 1b) The entity are a partial copyright holder of the work (ignoring deps),
> have received a license to the rest of the work, and have the rights to
> assign that license to Apache. The latter is probably rare, yet this option
> (1b) is most likely for any codebase that has been public. That is, we rely
> on the entity contributing the project to Apache to have clean IP, we don't
> rely on them to be able to hand over their clean IP to us.
>
> I believe in #2 (below, not 1(b) above) that the git/github model has
> changed how we look at this. Historically we would have looked at the
> commits, but I don't believe we would have analysed the issue tracker. With
> pull requests on GitHub, folk who would have attached a patch to the issue
> tracker are now a part of the commit history and we see the authors
> increase by an order of magnitude.
>
>
>
> Note that MXNet did have a form of IP management. As a user of the Apache
> 2.0 license every contribution to the project (per clause 5) was licensed
> under the Apache 2.0 license ('in/out licensing'). That's the same IP
> management Apache uses for contributions on JIRA/pull requests, both
> trivial and anything up to 'major' (where the occasional major contribution
> requires an SGA, or lazily (in a good way) an ICLA).
>
> Going back to the original email; I'd like to know what to say to 380
> people to explain why we need them to sign something. With a relicence it's
> easy, relicensing needs the copyright owner's permission, they are a
> copyright owner, please can we have permission. With this, not so easy.
> "We don't trust your contribution, please sign this SGA so we can trust
> your contribution"?
>
>
>
> Hen
>
>
>
> On Mon, Oct 2, 2017 at 6:21 PM, Chris Mattmann <mattmann@apache.org>
> wrote:
>
> Craig, I share the below opinions.
>
> RE: SGA, let me clarify, I think there are a few situations:
>
>
> 1) SGA for a donation e.g., from a company or gov agency
> a. The person providing or “granting” the SGA may have
> the permission of the institution e.g., a signing authority, that
> represents the IP from the company or agency, fine.
> b. The person may be someone without signing authority but
> designated by the agency as someone who can provide the Grant,
> fine.
> 2) SGA for a donation e.g., from a set of contributors
> a. The person providing or “granting” the SGA would ideally point to
> some permanent URL or public URL with the decision by the binding
> set of members of the contributors (at a minimum, within reason e.g.,
> defined as all those active, or as all contributors ever, or all those
> that responded to my email with a deadline of 2 weeks, or a month etc.)
> b. If the community already uses some form of IP management besides
> having a version repository and headers, etc., then pointing to those
> on file would be useful and welcomed.
>
> I’m sure there are variations on 1ab or 2ab but those are the ones fresh
> in my mind
> with what I was talking about.
>
> Thoughts, Craig? Roman?
>
> Cheers,
> Chris
>
>
>
>
>
> On 10/2/17, 5:51 PM, "Craig Russell" <apache.clr@gmail.com> wrote:
>
>
>     > On Oct 2, 2017, at 5:23 PM, Roman Shaposhnik <roman@shaposhnik.org>
> wrote:
>     >
>     > On Mon, Oct 2, 2017 at 3:23 PM, Craig Russell <apache.clr@gmail.com>
> wrote:
>     >> Not to contradict our VP, Legal, just to clarify.
>     >>
>     >>> On Oct 2, 2017, at 1:17 PM, Chris Mattmann <mattmann@apache.org>
> wrote:
>     >>>
>     >>> Clearly, an SGA is intended for the copyright holder. If that’s an
> individual who as an
>     >>> individual represents those copyright holders, OK, but it’s gotta
> be pretty clear.
>     >>
>     >> That is a pretty high bar, and I've not seen it in practice. In
> order for an individual to own
>     >> the rights and grant those rights via an SGA, there would need to
> be some grant document
>     >> from the contributor to the individual(s) signing the SGA.
>     >
>     > +1 to what Craig is saying -- I've also seen a much laxer attitude in
>     > the past. The very question
>     > I'm asking is whether we should consider tightening our practices or
>     > still allow SGAs that are lax.
>     >
>     > I'm actually working on a proposal right now for a project that
>     > existed on GitHub for some time.
>     > I've assumed that an SGA *on behalf* of the community (but NOT from
>     > somebody who is legally
>     > speaking a copyright holder) will be a way to go.
>
>     Speaking as a non-lawyer, "You cannot grant rights that you do not
> own." And the following is strictly my own opinion.
>
>     A project that is licensed under alv2.0 and has existed for so long
> that the contributors cannot be found can still use code with the Apache
> license, but not with the Apache header.
>
>     If the project is currently licensed using the alv2.0 as its license,
> then the project can continue to use the license with its original headers
> and NOTICE.
>
>     Craig
>
>     >
>     > Thanks,
>     > Roman.
>     >
>     > ---------------------------------------------------------------------
>     > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>     > For additional commands, e-mail: legal-discuss-help@apache.org
>     >
>
>     Craig L Russell
>     Secretary, Apache Software Foundation
>     clr@apache.org http://db.apache.org/jdo
